
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Status: finished
Submission Time: 2024-06-08 20:21:05 +02:00
Verdict: Malicious
Classification: Trojan, Spyware, Evader
Malware family: Mars Stealer, Stealc, Vidar

Tags

  • exe
  • Stealc

Details

  • Analysis ID:
    1454088
  • API (Web) ID:
    1454088
  • Analysis Started:
    2024-06-08 20:21:05 +02:00
  • Analysis Finished:
    2024-06-08 20:29:02 +02:00
  • MD5:
    9c2b900d014ba5b9dfd0ca6cef201753
  • SHA1:
    e5705841f68d9443ba5efb553aa9f87556e403e5
  • SHA256:
    f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf317fab7b3e90281b5d05

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines (engine names not captured)

Detection: malicious, score 25/72
Detection: malicious, score 19/24
Detection: malicious

IPs

IP              Country         Detection
23.88.106.134   United States

URLs

Name Detection
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll
http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll
http://23.88.106.134/566d6e1ec8db6394/mozglue.dll
http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll
http://23.88.106
http://23.88.106.134/566d6e1ec8db6394/nss3.dll
http://23.88.106.134/6a9f8e2503d99c04.php
http://23.88.106.134
http://23.88.106.134/566d6e1ec8db6394/softokn3.dll
http://23.88.106.134/566d6e1ec8db6394/freebl3.dll
http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW
https://ac.ecosia.org/autocomplete?q=
https://www.ecosia.org/newtab/
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://mozilla.org0/
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
http://23.88.106.134/6a9f8e2503d99c04.php)
http://www.sqlite.org/copyright.html.
http://23.88.106.134/6a9f8e2503d99c04.phpcS
http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4
https://support.mozilla.org
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://23.88.106.134/6a9f8e2503d99c04.php6
http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera
http://23.88.106.134/6a9f8e2503d99c04.phpwser
https://duckduckgo.com/chrome_newtab
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV
https://duckduckgo.com/ac/?q=
http://23.88.106.134/6a9f8e2503d99c04.phpC
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
http://23.88.106.134/6a9f8e2503d99c04.php?S
http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9
http://23.88.106.134/6a9f8e2503d99c04.phpm
http://www.mozilla.com/en-US/blocklist/
http://23.88.106.134/6a9f8e2503d99c04.phpiSS
http://23.88.106.134/6a9f8e2503d99c04.phppenSSH
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV
http://23.88.106.134/6a9f8e2503d99c04.phpz
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
http://23.88.106.134/6a9f8e2503d99c04.phpition:
http://23.88.106.134/6a9f8e2503d99c04.phpGS
http://23.88.106.134y

Dropped files

Name / File Type

  • C:\ProgramData\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\d3d9.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
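The URL and dropped-file rows above are the actionable part of this report, but they are noisy: many of the URL rows are the same C2 URL repeated with a few trailing characters (freebl3.dllYW, 6a9f8e2503d99c04.php), nss3.dllpera), and the dropped-file list mixes the files written to C:\ProgramData with the WinINet cache copies of the same downloads. The script below is an added example, not code from the Joe Sandbox report or from Joe Security: it takes the rows as they appear on the page (copied inline as constructed input), strips the tails on the assumption that they are adjacent memory bytes swept up by string extraction, reduces the C2 traffic to one gate, one module directory and a list of requested module names, and reconciles that list against the dropped files. The function names, the regular expression describing the two URL shapes, and the reading of the tails as extraction noise are this example's own assumptions. For context only: nss3.dll, softokn3.dll, freebl3.dll and mozglue.dll are Mozilla's NSS/NSPR runtime and sqlite3.dll is the SQLite engine; the report itself only records that the sample fetched and wrote them.

```python
"""Normalise the URL and dropped-file rows of the sandbox report above into a
compact IOC set.  Added example; not code from the Joe Sandbox report.

Assumption: characters trailing '.dll' or '.php' in the URL rows (e.g.
'freebl3.dllYW', '6a9f8e2503d99c04.php)') are adjacent memory bytes swept up
by string extraction; they are stripped and kept only as a count of variants."""
import re
from collections import defaultdict

C2_HOST = "23.88.106.134"  # the single IP in the report's IPs table

# Constructed input: URL rows copied from the report, garbled tails included.
REPORT_URLS = [
    "http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll",
    "http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll",
    "http://23.88.106.134/566d6e1ec8db6394/mozglue.dll",
    "http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll",
    "http://23.88.106",
    "http://23.88.106.134/566d6e1ec8db6394/nss3.dll",
    "http://23.88.106.134/6a9f8e2503d99c04.php",
    "http://23.88.106.134/566d6e1ec8db6394/softokn3.dll",
    "http://23.88.106.134/566d6e1ec8db6394/freebl3.dll",
    "http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW",
    "http://23.88.106.134/6a9f8e2503d99c04.php)",
    "http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera",
    "http://23.88.106.134y",
    "https://ac.ecosia.org/autocomplete?q=",
]

# Constructed input: dropped-file paths copied from the report.
DROPPED = [
    r"C:\ProgramData\freebl3.dll",
    r"C:\ProgramData\mozglue.dll",
    r"C:\ProgramData\nss3.dll",
    r"C:\ProgramData\softokn3.dll",
    r"C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.log",
    r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll",
    r"C:\Users\user\AppData\Roaming\d3d9.dll",
]

# The two URL shapes the report shows on the C2 host: a .dll under a 16-hex
# directory, or a 16-hex .php gate.  Anything after the match is tail noise.
C2_PATTERN = re.compile(
    r"^http://" + re.escape(C2_HOST)
    + r"(?P<path>/[0-9a-f]{16}(?:/[A-Za-z0-9_]+\.dll|\.php))"
)


def normalize(urls):
    """Return (c2, fragments, other): clean C2 URL -> set of raw tails seen
    ('' for an exact hit); rows naming the C2 host with no usable path
    (truncated strings); and everything else (browser defaults and the like)."""
    c2, fragments, other = defaultdict(set), [], []
    for raw in urls:
        m = C2_PATTERN.match(raw)
        if m:
            c2["http://" + C2_HOST + m.group("path")].add(raw[m.end():])
        elif raw.startswith("http://23.88.106"):  # host-only or truncated host
            fragments.append(raw)
        else:
            other.append(raw)
    return dict(c2), fragments, other


def c2_summary(c2):
    """Reduce the clean C2 URLs to the gate, the module directory and the
    module file names the sample requested."""
    dll_urls = [u for u in c2 if u.endswith(".dll")]
    return {
        "gate": sorted(u for u in c2 if u.endswith(".php")),
        "module_dir": sorted({u.rsplit("/", 1)[0] for u in dll_urls}),
        "modules": sorted(u.rsplit("/", 1)[1] for u in dll_urls),
    }


def reconcile(dropped, modules):
    """Pair each dropped file with a requested module of the same base name.
    'nss3[1].dll' under INetCache is the WinINet download-cache copy of
    nss3.dll, so the '[n]' suffix is dropped before matching.  Modules that
    were requested but never written to disk are listed separately."""
    seen, from_c2, unexplained = set(), [], []
    for path in dropped:
        base = re.sub(r"\[\d+\](?=\.dll$)", "", path.rsplit("\\", 1)[1])
        if base in modules:
            from_c2.append(path)
            seen.add(base)
        else:
            unexplained.append(path)
    return {
        "from_c2": from_c2,
        "unexplained": unexplained,
        "requested_not_dropped": sorted(set(modules) - seen),
    }


if __name__ == "__main__":
    c2, fragments, other = normalize(REPORT_URLS)
    summary = c2_summary(c2)
    for url, tails in sorted(c2.items()):
        print(f"{url:58} raw variants: {sorted(tails)}")
    print("gate:", summary["gate"], "module dir:", summary["module_dir"])
    print("host fragments:", fragments, "non-C2 rows:", len(other))
    for key, value in reconcile(DROPPED, set(summary["modules"])).items():
        print(f"{key}: {value}")
```

Run as-is it prints eight clean C2 URLs (seven modules under /566d6e1ec8db6394/ plus the .php gate), the two truncated host strings, and the reconciliation: the four DLLs in C:\ProgramData and the INetCache copy trace back to downloads, while msvcp140.dll, sqlite3.dll and vcruntime140.dll were requested but do not appear among the dropped files, and d3d9.dll in AppData\Roaming and the CLR usage log have no download counterpart and are worth a separate look. The "[n]" handling and the tail stripping are deliberately narrow: they only accept the exact URL shapes this report shows, so a row that does not fit lands in "other" or "fragments" rather than being silently cleaned.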